From b9e88923e7f6c536e0653824e9d4a2d8c6ff5483 Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Thu, 5 Apr 2018 11:38:15 -0700
Subject: [PATCH] Comment why we set X-Requested-With (#1870)

---
 .../Internal/WebSocketsTransport.cs                             | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs b/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs
index 6530953b5b..eeafd86822 100644
--- a/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs
+++ b/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs
@@ -82,6 +82,8 @@ namespace Microsoft.AspNetCore.Http.Connections.Client.Internal
                 _closeTimeout = httpOptions.CloseTimeout;
             }
 
+            // Set this header so the server auth middleware will set an Unauthorized instead of Redirect status code
+            // See: https://github.com/aspnet/Security/blob/ff9f145a8e89c9756ea12ff10c6d47f2f7eb345f/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs#L42
             _webSocket.Options.SetRequestHeader("X-Requested-With", "XMLHttpRequest");
 
             _logger = (loggerFactory ?? NullLoggerFactory.Instance).CreateLogger<WebSocketsTransport>();